Blue shitstorm on the horizon!
-
This is making rounds in our company:
https://www.armis.com/blueborne/
It has been assigned CVE-2017-1000250 (that's for Linux; it got a bunch of CVEs as it's several issues together). It is a massive shitstorm.
Somewhat, but not completely unexpectedly, given what we know about the company, under the Coordinated Disclosure header they have:
- Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
(Google, Microsoft, Apple and Linux developers all responded and provided fixes; updates for Android are, however, at the mercy of vendors).
-
All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability which allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-8628).
AAAAAAAAAAAAAH! PANIIIIII-
Microsoft has issued security patches to all supported Windows versions on July 11, 2017, with coordinated notification on Tuesday, September 12.
Oh, then I'm already protected :D
-
@raceprouk
But I thought the advisory said all supported Windows versions, so your phone is still nekkid
-
@bulb said in Blue shitstorm on the horizon!:
(Google, Microsoft, Apple and Linux developers all responded and provided fixes; updates for Android are, however, at the mercy of vendors).
good thing i run AOSP then.
-
@izzion said in Blue shitstorm on the horizon!:
@raceprouk
But I thought the advisory said all supported Windows versions, so your phone is still nekkid
Support ended for Windows Phone, but Windows 10 Mobile is still supported.
-
The most commercial, and consumer-oriented platform based on Linux is the Tizen OS.
They and I have a very different view on "consumer-oriented".
-
FTA:
does not require any preconditions or configurations aside of the Bluetooth being active
I'm completely safe then.
BTW, is it just me or is that article truly full of breathless hyperbole? Hey, Chicken Little, the sky isn't actually falling right now! (Also, I wrote “herpybole” first, which is the funnest thinko I've done for a while, so I'm going to share it round…)
-
@atazhaia Tizen being a pile of shit doesn't make that statement wrong. I mean it's clearly oriented towards customers, and it's already in more (customer-facing) devices than any other Linux distro, with the minor exception of Android, but that barely counts as Linux.
-
@anonymous234 said in Blue shitstorm on the horizon!:
Android, but that barely counts as Linux
Android totally counts as Linux. Linux is the kernel and that is there.
-
@anonymous234 said in Blue shitstorm on the horizon!:
with the minor exception of Android, but that barely counts as Linux.
that's like saying Ubuntu doesn't count as linux because Unity
-
Remember:
- The word "linux" refers only to the kernel if and only if that makes the linux user look better in the debate
- Otherwise, "linux" is a vague nebulous term referring to literally everything even slightly related to the linux kernel
If you're using Ubuntu, you're either using "linux" or not using "linux" depending on the above rules. There are either zero operating systems named "linux", or two dozen, depending on what makes it look better in a debate.
-
@blakeyrat when you're using Ubuntu you're most certainly using Linux. Because Ubuntu is both "a Linux" and "using the Linux kernel".
-
@gleemonk said in Blue shitstorm on the horizon!:
@blakeyrat when you're using Ubuntu you're most certainly using Linux. Because Ubuntu is both "a Linux" and "using the Linux kernel".
-
@blakeyrat I refer to anything using the Linux kernel as Linux. So I am both really happy to be using Linux Mint and Android as two operating systems of choice, while also ashamed of them belonging to the same family as the shitpile that is Tizen.
-
@gleemonk said in Blue shitstorm on the horizon!:
@blakeyrat when you're using Ubuntu you're most certainly using Linux. Because Ubuntu is both "a Linux" and "using the Linux kernel".
Examples:
- The word "linux" refers only to the kernel if and only if that makes the linux user look better in the debate
"Why does linux still use that terrible X11 windowing system that doesn't have any security, performs like crap, and is a nightmare to configure for hot-swapping monitors?"
"Um, actually, linux is just the kernel so it has nothing to do with X11, that's not a linux problem at all."
- Otherwise, "linux" is a vague nebulous term referring to literally everything even slightly related to the linux kernel
"Why did it take linux so long to get GPU-accelerated 2D graphics for its desktops? OS X had that in like 2001 and Windows had it in 2006."
"Um, actually, there was a tiny 2-man project that added it into linux in 2000, it just wasn't tested or put on any production OSes ever, but you see that linux had that feature first."
Or as SlackerD says:
-
@blakeyrat I just pointed out that the second part of your joke doesn't work.
The first part worked, you should have left it there. It reminded me of a massive thread about "Windows never crashes, third-party drivers do". That one was very amusing for bystanders.
-
@bulb said in Blue shitstorm on the horizon!:
My leg has Bluetooth. Seriously.
Now I have to worry about hackers?
-
@blakeyrat said in Blue shitstorm on the horizon!:
@gleemonk said in Blue shitstorm on the horizon!:
@blakeyrat when you're using Ubuntu you're most certainly using Linux. Because Ubuntu is both "a Linux" and "using the Linux kernel".
Examples:
- The word "linux" refers only to the kernel if and only if that makes the linux user look better in the debate
"Why does linux still use that terrible X11 windowing system that doesn't have any security, performs like crap, and is a nightmare to configure for hot-swapping monitors?"
"Um, actually, linux is just the kernel so it has nothing to do with X11, that's not a linux problem at all."
- Otherwise, "linux" is a vague nebulous term referring to literally everything even slightly related to the linux kernel
"Why did it take linux so long to get GPU-accelerated 2D graphics for its desktops? OS X had that in like 2001 and Windows had it in 2006."
"Um, actually, there was a tiny 2-man project that added it into linux in 2000, it just wasn't tested or put on any production OSes ever, but you see that linux had that feature first."
Or as SlackerD says:
Yeah, that always pisses me off. When you're arguing consumer desktops with someone, and you say that Linux has such a small userbase, the other person is guaranteed to say "Nuh-uh! Androids run it, cars run it, servers run it, it's everywhere!"
-
@pie_flavor said in Blue shitstorm on the horizon!:
@blakeyrat said in Blue shitstorm on the horizon!:
@gleemonk said in Blue shitstorm on the horizon!:
@blakeyrat when you're using Ubuntu you're most certainly using Linux. Because Ubuntu is both "a Linux" and "using the Linux kernel".
Examples:
- The word "linux" refers only to the kernel if and only if that makes the linux user look better in the debate
"Why does linux still use that terrible X11 windowing system that doesn't have any security, performs like crap, and is a nightmare to configure for hot-swapping monitors?"
"Um, actually, linux is just the kernel so it has nothing to do with X11, that's not a linux problem at all."
- Otherwise, "linux" is a vague nebulous term referring to literally everything even slightly related to the linux kernel
"Why did it take linux so long to get GPU-accelerated 2D graphics for its desktops? OS X had that in like 2001 and Windows had it in 2006."
"Um, actually, there was a tiny 2-man project that added it into linux in 2000, it just wasn't tested or put on any production OSes ever, but you see that linux had that feature first."
Or as SlackerD says:
Yeah, that always pisses me off. When you're arguing consumer desktops with someone, and you say that ~~Linux~~ Java has such a small userbase, the other person is guaranteed to say "Nuh-uh! Androids run ~~it~~ Java, cars run ~~it~~ Java, servers run ~~it~~ Java, it's everywhere!"
FTFO.
-
@el_heffe Why? Is it powered and sending charge level data to a phone app or something? Can it stream music?
-
@blek said in Blue shitstorm on the horizon!:
@el_heffe Why? Is it powered and sending charge level data to a phone app or something? Can it stream music?
It sends vibration information to the body.
-
@tsaukpaetra said in Blue shitstorm on the horizon!:
@blek said in Blue shitstorm on the horizon!:
@el_heffe Why? Is it powered and sending charge level data to a phone app or something? Can it stream music?
It sends vibration information to the body.
-
@pie_flavor said in Blue shitstorm on the horizon!:
@tsaukpaetra said in Blue shitstorm on the horizon!:
@blek said in Blue shitstorm on the horizon!:
@el_heffe Why? Is it powered and sending charge level data to a phone app or something? Can it stream music?
It sends vibration information to the body.
Status: I think @pie_flavor is starting to understand me...
-
@blek said in Blue shitstorm on the horizon!:
@el_heffe Why? Is it powered and sending charge level data to a phone app or something?
It has sensors and motors in it. This requires it to be charged every day.
"Sorry, can't go right now, my leg is charging."
You can connect to it and adjust certain settings that control the sensors and motors. It seems stupid and I suspect that the only reason for doing it wirelessly instead of a physical connection is "because we can".
Can it stream music?
I doubt it, but that would actually be pretty cool if it did. But then I would need bluetooth headphones.
Living in the future is weird.
-
@pie_flavor said in Blue shitstorm on the horizon!:
Yeah, that always pisses me off. When you're arguing consumer desktops with someone, and you say that Linux has such a small userbase, the other person is guaranteed to say "Nuh-uh! Androids run it, cars run it, servers run it, it's everywhere!"
There's a video I saw a couple of years ago, a guy says to a room full of people "How many of you use Linux?" A few people raise their hand. Then he says "How many of you use Google?" Everyone raises their hand, and he says "You're running Linux!"
-
@bulb said in Blue shitstorm on the horizon!:
This is making rounds in our company:
https://www.armis.com/blueborne/
It has been assigned CVE-2017-1000250 (that's for Linux; it got a bunch of CVEs as it's several issues together). It is a massive shitstorm.
Somewhat, but not completely unexpectedly, given what we know about the company, under the Coordinated Disclosure header they have:
- Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
(Google, Microsoft, Apple and Linux developers all responded and provided fixes; updates for Android are, however, at the mercy of vendors).
Not true. Those fuckers at Apple didn't even lift a fucking finger.
-
@el_heffe said in Blue shitstorm on the horizon!:
You can connect to it and adjust certain settings that control the sensors and motors. It seems stupid and I suspect that the only reason for doing it wirelessly instead of a physical connection is "because we can".
It's likely more convenient than building an external interface that you'd have to physically manipulate (because you know they'd put it in the most awkward position).
-
@kt_ said in Blue shitstorm on the horizon!:
Those fuckers at Apple didn't even lift a fucking finger.
Well, they did fix something, because while iOS 9 is affected, iOS 10 is not. They appear to have fixed it by accident when doing something else though, so they did nothing for the report itself.
-
@bulb said in Blue shitstorm on the horizon!:
@kt_ said in Blue shitstorm on the horizon!:
Those fuckers at Apple didn't even lift a fucking finger.
Well, they did fix something, because while iOS 9 is affected, iOS 10 is not. They appear to have fixed it by accident when doing something else though, so they did nothing for the report itself.
That was the joke. That they didn't lift a finger, because they didn't need to. ;)
BTW, I've waited more than a day for someone to see through my charade!
-
@el_heffe That's a pretty tiny power adapter there. Must take a while to charge.
-
@onyx said in Blue shitstorm on the horizon!:
@el_heffe That's a pretty tiny power adapter there. Must take a while to charge.
If a USB cable can pass through 100W of power, Shirley a thick cable like that could provide similar juice...
-
@tsaukpaetra said in Blue shitstorm on the horizon!:
@onyx said in Blue shitstorm on the horizon!:
@el_heffe That's a pretty tiny power adapter there. Must take a while to charge.
If a USB cable can pass through 100W of power, Shirley a thick cable like that could provide similar juice...
Don't call me surely.
-
@pie_flavor said in Blue shitstorm on the horizon!:
@tsaukpaetra said in Blue shitstorm on the horizon!:
@onyx said in Blue shitstorm on the horizon!:
@el_heffe That's a pretty tiny power adapter there. Must take a while to charge.
If a USB cable can pass through 100W of power, Shirley a thick cable like that could provide similar juice...
Don't call me surely.
Call me maybe?
-
@tsaukpaetra said in Blue shitstorm on the horizon!:
@pie_flavor said in Blue shitstorm on the horizon!:
@tsaukpaetra said in Blue shitstorm on the horizon!:
@onyx said in Blue shitstorm on the horizon!:
@el_heffe That's a pretty tiny power adapter there. Must take a while to charge.
If a USB cable can pass through 100W of power, Shirley a thick cable like that could provide similar juice...
Don't call me surely.
Call me maybe?
Robyn Maby?